Description:
From the beginnings of the U.S. nuclear weapons program, military and civilian dual-agency judgment has been fundamental to achieving nuclear weapon and weapon system safety. This interaction was initiated by the Atomic Energy Act of 1946, which created the Atomic Energy Commission (AEC). The principle of using dual-agency judgment has been perpetuated in the design and assessment of the weapon and weapon system acceptance process since that time. This fundamental approach is still used today in all phases of the weapon life. In this paper, an overview of the history and philosophy of the approach is described.

Description:
The nuclear detonation safety of modern nuclear weapons depends on a coordinated safety theme incorporating three general safety principles: isolation, inoperability, and incompatibility. The success of this approach has encouraged the authors to study whether these and/or other principles might be useful in other applications. Not surprisingly, no additional first-principles (based on physical laws) have been identified. However, a more widely applicable definition and application of the principle-based approach has been developed, resulting in a selection of strategies that are basically subsets and varied combinations of the more general principles above. However, identification of principles to be relied on is only one step in providing a safe design. As one other important example, coordinating overall architecture and strategy is essential: the authors term this a safety theme.

Description:
Traditional definitions of risk partition concern into the probability of occurrence and the consequence of the event. Most safety analyses focus on probabilistic assessment of an occurrence and the amount of some measurable result of the event, but the real meaning of the "consequence" partition is usually afforded less attention. In particular, acceptable social consequence (consequence accepted by the public) frequently differs significantly from the metrics commonly proposed by risk analysts. This paper addresses some of the important system development issues associated with consequences, focusing on "high consequence operations safety."

Description:
Safety is of paramount concern in today's high technology environment. Because of technological advances, there are numerous situations (high consequence operations) for which the implications of a safety failure are so severe that extreme attention to safety systems is essential. Some of those situations are: nuclear weapon detonation safety, nuclear reactor safety, dam safety, mass transit transportation safety, and hazardous materials transportation and handling safety. In each case, specific safety systems, human control, and administrative procedures have been designed to give a high level of assurance against disasters. In an overview sense, safety concepts can be divided into two broad approaches: active safety and passive safety. Active safety systems, in general, are based on the need for "functioning" elements (operating motors, operator action, etc.) and safety may be based in a large measure on "reliability" data (historical records of the operability success of components). Passive safety basically depends on non-functionality.

Description:
The purpose of a unique signal (UQS) in a nuclear weapon system is to provide an unambiguous communication of intent to detonate from the UQS information input source device to a stronglink safety device in the weapon in a manner that is highly unlikely to be duplicated or simulated in normal environments and in a broad range of ill-defined abnormal environments. This report presents safety considerations for the design and implementation of UQSs in the context of the overall safety system.

Description:
Microtechnologies (e.g., microelectronics and micromachines) are useful and promising for many applications. However, since the small size and specialized materials of electronics in general and microtechnologies in particular appear to make them sensitive to many normal and abnormal environments, and since complete characterization of the newer technologies is lacking, they must be used with extreme caution in high consequence safety applications. Based on what is now known, we believe that they should not be proposed for high consequence safety applications, particularly for nuclear weapons detonation safety.